aaspai-authx 0.0.2 → 0.0.4
- package/dist/express/index.cjs +87 -69
- package/dist/express/index.cjs.map +1 -1
- package/dist/express/index.js +87 -69
- package/dist/express/index.js.map +1 -1
- package/dist/index.cjs +121 -87
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +20 -20
- package/dist/index.d.ts +20 -20
- package/dist/index.js +121 -87
- package/dist/index.js.map +1 -1
- package/dist/nest/index.cjs +87 -69
- package/dist/nest/index.cjs.map +1 -1
- package/dist/nest/index.js +87 -69
- package/dist/nest/index.js.map +1 -1
- package/package.json +1 -1
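--- a/package/dist/nest/index.cjs
+++ b/package/dist/nest/index.cjs
@@ -107,26 +107,15 @@ function isPlainObject(value) {
 var PLATFORM_ROLES = [
 {
 role: "platform_admin",
-permissions: [
-"projects.create",
-"projects.read",
-"projects.update",
-"projects.delete",
-"users.manage",
-"api.manage"
-]
+permissions: []
 },
 {
 role: "platform_manager",
-permissions: [
-"projects.read",
-"projects.update",
-"users.read"
-]
+permissions: []
 },
 {
 role: "platform_user",
-permissions: [
+permissions: []
 }
 ];
 function getPermissionsForRoles(roles) {
@@ -184,17 +173,36 @@ function buildSession(payload) {
 return session;
 }
 
-// src/models/
+// src/models/rolePermission.model.ts
 var import_mongoose = __toESM(require("mongoose"), 1);
+var RolePermissionSchema = new import_mongoose.Schema(
+{
+orgId: { type: String, default: null, index: true },
+role: { type: String, required: true },
+permissions: { type: [String], default: [] }
+},
+{
+timestamps: true
+}
+);
+RolePermissionSchema.index({ orgId: 1, role: 1 }, { unique: true });
+var RolePermissionModel = import_mongoose.default.model(
+"RolePermission",
+RolePermissionSchema,
+"role_permissions"
+);
+
+// src/models/user.model.ts
+var import_mongoose2 = __toESM(require("mongoose"), 1);
 var import_uuid = require("uuid");
-var MetadataSchema = new
+var MetadataSchema = new import_mongoose2.default.Schema(
 {
 key: { type: String, required: true },
-value: { type:
+value: { type: import_mongoose2.default.Schema.Types.Mixed, required: true }
 },
 { _id: false }
 );
-var OrgUserSchema = new
+var OrgUserSchema = new import_mongoose2.default.Schema(
 {
 id: { type: String, default: (0, import_uuid.v4)(), index: true },
 email: { type: String, required: true, unique: true },
@@ -211,7 +219,7 @@ var OrgUserSchema = new import_mongoose.default.Schema(
 },
 { timestamps: true, collection: "users" }
 );
-var OrgUser =
+var OrgUser = import_mongoose2.default.model("OrgUser", OrgUserSchema);
 
 // src/utils/extract.ts
 var import_cookie = require("cookie");
@@ -276,6 +284,27 @@ function verifyJwt(token) {
 }
 
 // src/middlewares/auth.middleware.ts
+async function mergeRolePermissions(session) {
+const roles = Array.isArray(session.roles) ? session.roles : [];
+if (!roles.length) return;
+const orgContexts = /* @__PURE__ */ new Set();
+if (session.orgId) orgContexts.add(session.orgId);
+if (session.org_id) orgContexts.add(session.org_id);
+if (session.projectId) orgContexts.add(session.projectId);
+orgContexts.add(null);
+const docs = await RolePermissionModel.find({
+orgId: { $in: Array.from(orgContexts) },
+role: { $in: roles }
+}).lean().exec();
+const dynamic = /* @__PURE__ */ new Set();
+for (const doc of docs) {
+for (const perm of doc.permissions || []) {
+if (perm) dynamic.add(perm);
+}
+}
+const existing = Array.isArray(session.permissions) ? session.permissions : [];
+session.permissions = Array.from(/* @__PURE__ */ new Set([...existing, ...dynamic]));
+}
 function requireAuth() {
 return async (req, res, next) => {
 try {
@@ -292,26 +321,32 @@ function requireAuth() {
 if (!user) {
 return res.status(401).json({ error: "User not found" });
 }
-const
+const session = buildSession({
 sub: user.id.toString(),
 email: user.email,
-roles: user.roles || []
+roles: user.roles || [],
+orgId: user.orgId,
+org_id: user.orgId,
+projectId: user.projectId
 });
-
-
-
+session.authType = "api-key";
+session.projectId = readProjectId(req) || user.projectId || void 0;
+await mergeRolePermissions(session);
+req.user = session;
 return next();
+} else {
+const token = extractToken(req);
+if (!token) {
+return res.status(401).json({ error: "Missing token" });
+}
+const claims = await verifyJwt(token);
+const session = buildSession(claims);
+const pid = readProjectId(req);
+if (pid) session.projectId = pid;
+await mergeRolePermissions(session);
+req.user = session;
+next();
 }
-const token = extractToken(req);
-if (!token) {
-return res.status(401).json({ error: "Missing token" });
-}
-const claims = await verifyJwt(token);
-const session = buildSession(claims);
-const pid = readProjectId(req);
-if (pid) session.projectId = pid;
-req.user = session;
-next();
 } catch (e) {
 res.status(401).json({ error: e?.message || "Unauthorized" });
 }
@@ -365,8 +400,8 @@ function validateSendInvite(req, res, next) {
 }
 
 // src/models/invite.model.ts
-var
-var InviteSchema = new
+var import_mongoose3 = __toESM(require("mongoose"), 1);
+var InviteSchema = new import_mongoose3.default.Schema(
 {
 id: { type: String, required: true, index: true },
 email: { type: String, required: true },
@@ -384,15 +419,15 @@ var InviteSchema = new import_mongoose2.default.Schema(
 },
 { timestamps: true, collection: "invites" }
 );
-var Invite =
+var Invite = import_mongoose3.default.model("Invite", InviteSchema);
 
 // src/services/auth-admin.service.ts
 var import_bcrypt = __toESM(require("bcrypt"), 1);
 var import_jsonwebtoken2 = __toESM(require("jsonwebtoken"), 1);
 
 // src/models/client.model.ts
-var
-var ClientSchema = new
+var import_mongoose4 = __toESM(require("mongoose"), 1);
+var ClientSchema = new import_mongoose4.Schema(
 {
 clientId: {
 type: String,
@@ -420,26 +455,7 @@ var ClientSchema = new import_mongoose3.Schema(
 timestamps: true
 }
 );
-var ClientModel =
-
-// src/models/rolePermission.model.ts
-var import_mongoose4 = __toESM(require("mongoose"), 1);
-var RolePermissionSchema = new import_mongoose4.Schema(
-{
-orgId: { type: String, default: null, index: true },
-role: { type: String, required: true },
-permissions: { type: [String], default: [] }
-},
-{
-timestamps: true
-}
-);
-RolePermissionSchema.index({ orgId: 1, role: 1 }, { unique: true });
-var RolePermissionModel = import_mongoose4.default.model(
-"RolePermission",
-RolePermissionSchema,
-"role_permissions"
-);
+var ClientModel = import_mongoose4.default.models.Client || import_mongoose4.default.model("Client", ClientSchema);
 
 // src/services/auth-admin.service.ts
 var AuthAdminService = class {
@@ -1033,16 +1049,18 @@ async function sendRateLimitedEmail({
 return { rateLimited: false };
 }
 function generateTokens(user) {
-const
-
-
-
-
-
-
-
-
-
+const accessPayload = {
+sub: user.id.toString(),
+email: user.email,
+roles: user.roles || [],
+orgId: user.orgId || null,
+org_id: user.orgId || null,
+projectId: user.projectId || null,
+type: "user"
+};
+const accessToken = import_jsonwebtoken4.default.sign(accessPayload, process.env.JWT_SECRET, {
+expiresIn: "1h"
+});
 const refreshToken = import_jsonwebtoken4.default.sign(
 { sub: user._id.toString() },
 process.env.JWT_SECRET,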
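Review bot: In `mergeRolePermissions`, `session.projectId` is added to `orgContexts` and matched against the `orgId` field of `role_permissions`, yet both branches of `requireAuth` set `session.projectId` from `readProjectId(req)` immediately before the call. `readProjectId` and the start of `requireAuth` lie outside the visible hunks; if it reads a header or query value, as its `req` argument suggests, the caller selects which tenant's permission rows are merged into `session.permissions`. Drop `if (session.projectId) orgContexts.add(session.projectId);` or build the lookup set only from identifiers in the verified token or the stored user record, and check a requested project against the user's memberships before it is trusted. Separately, the lookup is awaited inside the existing `try`, so a database failure now reaches `res.status(401).json({ error: e?.message || "Unauthorized" })` and returns driver error text to the client; a fixed message with server-side logging would avoid that.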